CVE-2022-26376
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petición HTTP especialmente diseñada puede conllevar a una corrupción de memoria. Un atacante puede enviar una petición de red para desencadenar esta vulnerabilidad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-05 CVE Reserved
- 2022-08-05 CVE Published
- 2025-03-30 EPSS Updated
- 2025-04-15 CVE Updated
- 2025-04-15 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 | 2025-04-15 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asus Search vendor "Asus" | Xt8 Firmware Search vendor "Asus" for product "Xt8 Firmware" | < 3.0.0.4.386_48706 Search vendor "Asus" for product "Xt8 Firmware" and version " < 3.0.0.4.386_48706" | - |
Affected
| in | Asus Search vendor "Asus" | Xt8 Search vendor "Asus" for product "Xt8" | - | - |
Safe
|
| Asus Search vendor "Asus" | Tuf-ax3000 V2 Firmware Search vendor "Asus" for product "Tuf-ax3000 V2 Firmware" | < 3.0.0.4.386_48750 Search vendor "Asus" for product "Tuf-ax3000 V2 Firmware" and version " < 3.0.0.4.386_48750" | - |
Affected
| in | Asus Search vendor "Asus" | Tuf-ax3000 V2 Search vendor "Asus" for product "Tuf-ax3000 V2" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xd4 Firmware Search vendor "Asus" for product "Xd4 Firmware" | < 3.0.0.4.386_48790 Search vendor "Asus" for product "Xd4 Firmware" and version " < 3.0.0.4.386_48790" | - |
Affected
| in | Asus Search vendor "Asus" | Xd4 Search vendor "Asus" for product "Xd4" | - | - |
Safe
|
| Asus Search vendor "Asus" | Et12 Firmware Search vendor "Asus" for product "Et12 Firmware" | < 3.0.0.4.386_48823 Search vendor "Asus" for product "Et12 Firmware" and version " < 3.0.0.4.386_48823" | - |
Affected
| in | Asus Search vendor "Asus" | Et12 Search vendor "Asus" for product "Et12" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-ax6000 Firmware Search vendor "Asus" for product "Gt-ax6000 Firmware" | < 3.0.0.4.386_48823 Search vendor "Asus" for product "Gt-ax6000 Firmware" and version " < 3.0.0.4.386_48823" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax6000 Search vendor "Asus" for product "Gt-ax6000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xt12 Firmware Search vendor "Asus" for product "Xt12 Firmware" | < 3.0.0.4.386_48823 Search vendor "Asus" for product "Xt12 Firmware" and version " < 3.0.0.4.386_48823" | - |
Affected
| in | Asus Search vendor "Asus" | Xt12 Search vendor "Asus" for product "Xt12" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax58u Firmware Search vendor "Asus" for product "Rt-ax58u Firmware" | < 3.0.0.4.386_48908 Search vendor "Asus" for product "Rt-ax58u Firmware" and version " < 3.0.0.4.386_48908" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax58u Search vendor "Asus" for product "Rt-ax58u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xt9 Firmware Search vendor "Asus" for product "Xt9 Firmware" | < 3.0.0.4.388_20027 Search vendor "Asus" for product "Xt9 Firmware" and version " < 3.0.0.4.388_20027" | - |
Affected
| in | Asus Search vendor "Asus" | Xt9 Search vendor "Asus" for product "Xt9" | - | - |
Safe
|
| Asus Search vendor "Asus" | Xd6 Firmware Search vendor "Asus" for product "Xd6 Firmware" | < 3.0.0.4.386_49356 Search vendor "Asus" for product "Xd6 Firmware" and version " < 3.0.0.4.386_49356" | - |
Affected
| in | Asus Search vendor "Asus" | Xd6 Search vendor "Asus" for product "Xd6" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-ax11000 Pro Firmware Search vendor "Asus" for product "Gt-ax11000 Pro Firmware" | < 3.0.0.4.386_48996 Search vendor "Asus" for product "Gt-ax11000 Pro Firmware" and version " < 3.0.0.4.386_48996" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax11000 Pro Search vendor "Asus" for product "Gt-ax11000 Pro" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-axe16000 Firmware Search vendor "Asus" for product "Gt-axe16000 Firmware" | < 3.0.0.4.386_48786 Search vendor "Asus" for product "Gt-axe16000 Firmware" and version " < 3.0.0.4.386_48786" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-axe16000 Search vendor "Asus" for product "Gt-axe16000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax86u Firmware Search vendor "Asus" for product "Rt-ax86u Firmware" | < 3.0.0.4.386_49447 Search vendor "Asus" for product "Rt-ax86u Firmware" and version " < 3.0.0.4.386_49447" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax86u Search vendor "Asus" for product "Rt-ax86u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax68u Firmware Search vendor "Asus" for product "Rt-ax68u Firmware" | < 3.0.0.4.386_49479 Search vendor "Asus" for product "Rt-ax68u Firmware" and version " < 3.0.0.4.386_49479" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax68u Search vendor "Asus" for product "Rt-ax68u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax82u Firmware Search vendor "Asus" for product "Rt-ax82u Firmware" | < 3.0.0.4.386_49380 Search vendor "Asus" for product "Rt-ax82u Firmware" and version " < 3.0.0.4.386_49380" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax82u Search vendor "Asus" for product "Rt-ax82u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax56u Firmware Search vendor "Asus" for product "Rt-ax56u Firmware" | < 3.0.0.4.386_49559 Search vendor "Asus" for product "Rt-ax56u Firmware" and version " < 3.0.0.4.386_49559" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax56u Search vendor "Asus" for product "Rt-ax56u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax55 Firmware Search vendor "Asus" for product "Rt-ax55 Firmware" | < 3.0.0.4.386_49559 Search vendor "Asus" for product "Rt-ax55 Firmware" and version " < 3.0.0.4.386_49559" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax55 Search vendor "Asus" for product "Rt-ax55" | - | - |
Safe
|
| Asus Search vendor "Asus" | Gt-ax11000 Firmware Search vendor "Asus" for product "Gt-ax11000 Firmware" | < 3.0.0.4.386_49559 Search vendor "Asus" for product "Gt-ax11000 Firmware" and version " < 3.0.0.4.386_49559" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax11000 Search vendor "Asus" for product "Gt-ax11000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | < 3.0.0.4.386_48706 Search vendor "Asus" for product "Asuswrt" and version " < 3.0.0.4.386_48706" | - |
Affected
| ||||||
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | New Gen Search vendor "Asuswrt-merlin" for product "New Gen" | < 386.7 Search vendor "Asuswrt-merlin" for product "New Gen" and version " < 386.7" | - |
Affected
| ||||||